PT-2021-3819 · Gnu+1 · Glibc+1

Published: 2021-08-09 · Updated: 2025-05-30 · CVE-2021-38604

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: glibc versions through 2.34

Description: The issue is related to the mishandling of certain NOTIFY_REMOVED data in the sysdeps/unix/sysv/linux/mq_notify.c component of the GNU C Library (glibc), leading to a NULL pointer dereference. This can be exploited by a remote attacker to cause a denial of service. The vulnerability was introduced as a side effect of a previous fix and can be triggered through the POSIX message queues API by sending a specially crafted message.

Recommendations: For glibc versions through 2.34, consider disabling the mq_notify() function or restricting access to the POSIX message queues API as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

ALT-PU-2021-3034
ALT-PU-2022-2917
AZL-6442
BDU:2021-04132
CVE-2021-38604
MGASA-2021-0404
OESA-2021-1328

Affected Products

Alt Linux
Glibc